Hi,
I need some help with setting up a Draytek 2820Vn properly with static IP addresses on zen.
I have a pool of 16 addresses: x.y.z.80 to x.y.z.95
Usable ip addresses are from x.y.z.81 to x.y.z.93
x.y.z.94 is the router's IP address.
Netmask 255.255.255.240

On the Lan setup screen I have selected IP routing to be enabled and have typed in my "2nd subnet mask". I unsure of which IP address I should type into the field for "2nd IP address". Should this be the first usable address in my pool? E.g. x.y.z.81 or can I use my routers address, e.g. x.y.z.94. Thats what I have done now and it seem to work, but it also means the router has the same IP address on the wan and lan interface. Not sure if this is a problem. In addition to that do I need to set up the RIP protocol control (e.g. to 2nd subnet)? Can anybody please advise me on how I need to set this up.

Also, with using static IP-addresses on this router, will I need to tweak the firewall? E.g. put in a deny everything rule first, followed by other rules in which I allow certain ports?

Hope these questions are not too basic or stupid...
Thank you
Robert

StanByk wrote: Hi,
I need some help with setting up a Draytek 2820Vn properly with static IP addresses on zen.
I have a pool of 16 addresses: x.y.z.80 to x.y.z.95
Usable ip addresses are from x.y.z.81 to x.y.z.93
x.y.z.94 is the router's IP address.
Netmask 255.255.255.240

On the Lan setup screen I have selected IP routing to be enabled and have typed in my "2nd subnet mask". I unsure of which IP address I should type into the field for "2nd IP address". Should this be the first usable address in my pool? E.g. x.y.z.81 or can I use my routers address, e.g. x.y.z.94. Thats what I have done now and it seem to work, but it also means the router has the same IP address on the wan and lan interface. Not sure if this is a problem. In addition to that do I need to set up the RIP protocol control (e.g. to 2nd subnet)? Can anybody please advise me on how I need to set this up.

Also, with using static IP-addresses on this router, will I need to tweak the firewall? E.g. put in a deny everything rule first, followed by other rules in which I allow certain ports?

Hope these questions are not too basic or stupid...
Thank you
Robert

OK you're in the wrong place

So click the WAN link on the menu and then choose Internet Access. You'll see WAN1 and WAN2 on the right hand side, WAN1 is your current connection, so click it.

Now you'll see a table for your connection details. In the right hand side you'll see the option for DHCP/Fixed. Switch it to fixed and enter x.y.z.94 as the fixed address. Click OK, then go to Online status and drop and reconnect - now make sure your internet access works.

If all is good, then return to the WAN1 screen and this time click the WAN IP Alias button. In the popup screen you can now add the rest of your IP addresses, from .81 to .93.

Now your router will accept connections for all these IPs.

You don't need to do anything on the LAN screen at all.

For firewall rules there's a bit of a bug right now in setting up DMZ hosts, which has been fixed in 3.3.3_RC4a.

Basically what you do is you setup DMZ hosts for each of the external addresses mapped to an internal address. Then you configure the rules you want in the firewall setup, starting in SET#2. Yes starting with a block all inbound is a good idea - but make sure you block only if no further matches are found. Then configure the firewall to allow the ports you want on each of your internal hosts.